News

Resources

Bitdefender, a leading global cybersecurity company protecting over 500 million users worldwide, continues to innovate with the introduction of “Detection of Cyberbullying and Online Predators” features included in Parental Control... Read More

BUCHAREST, Romania/SANTA CLARA, Calif, September 17, 2018 – a leading global cybersecurity company protecting over 500 million users across 150 countries, announced today that CRN®, a brand of The Channel... Read More

Six Years and Counting: Inside the Complex Zacinlo Ad Fraud Operation

For more than a decade, adware has helped software creators earn money while bringing free applications to the masses. Headliner games and applications have become widely available to computer and mobile users the world over, with no financial strings attached.

While generating untold revenue for the companies that run these programs, adware has witnessed constant improvements over the years in both data collection and resilience to removal. The line between adware and spyware has become increasingly fuzzy during recent years as modern adware combines aggressive opt-outs with confusing legal and marketing terms as well as extremely sophisticated persistence mechanisms aimed at taking control away from the user. This whitepaper details an extremely sophisticated piece of rootkit-based spyware that has been running covertly since early 2012, generating revenue for its operators and compromising the privacy of its victims.

Download the whitepaper below for a complete analysis of the malware’s components, its internal structure and a list of associated samples and IoCs.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

7 Comments

Why would you think that? We have had detection for this strain of malware since second zero, so we've done our fair share of helping people out. We are trying to document attacks whenever time allows us, but our main focus is developing technologies and threat intelligence to protect people from such attacks. This is where most of our efforts go, the rest is provided on a "best effort" basis.

A few questions:
1. Approximately how many machines were infected with this malware?
2. Is there a link to the IOCs in a format other than PDF? (example: as text files or CSVs on GitHub or elsewhere) … The PDF format makes it difficult to use these IOCs "as is".
3. What has your interaction been with Microsoft (or others) to invalidate these certificates in use, and remove this malware from all Windows systems?